[Bug]: launch template default value changed: http_token

[tburow]

Terraform Core Version

v1.4.2

AWS Provider Version

4.61.0

Affected Resource(s)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#metadata-options

http_token default value from 4.60.0 to 4.61.0 changed from optional to required under change #30107

This is a breaking change not declared in the pull request, release notes or documentation

Expected Behavior

http_token default value should either remain as "optional" or this change needs to be fully documented in both the release and current documentation.

Actual Behavior

http_token = required

breaks ec2 instance metadata operations unless properly coordinated with supporting code and or resource changes

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

n/a

Steps to Reproduce

n/a

Debug Output

n/a

Panic Output

n/a

Important Factoids

Code impact:
this impacts both java and python application code methods

Configuration impact:
Docker containers running on EC2, from a launch template will fail to retrieve role credentials due to IDMS version changes with out additional required config modification

References

#30107

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#metadata-options

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[gdavison]

Hi @tburow, can you please share your configuration? I'm trying to reproduce the problem, and I get "", which means that the Launch Template doesn't specify a value, in both v4.60.0 and v4.61.0. In the AWS Console, you can also check this as the value for "Metadata version" on the "Advanced details" tab for the Launch Template.

Do you have multiple versions of the Launch Template, or is this for a new Launch Template?

[tburow]

ok - so if the resource module is not specifying a default value then im not sure what to say. Give me till monday to chase down the developer and get the code.

[Indresh2410]

Based on this testcase
https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/ec2/ec2_launch_template_test.go#L2958

If we remove the below line
https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/ec2/ec2_launch_template_test.go#L4113

and run the test, we may be able to reproduce it (http_tokens becoming 'required')

[tburow]

yes essentially we did not have the meta block defined - then from .60 to .61 the default behavior changed. I was unable to find in code where it flipped - perhaps an CLI/SDK default change if there were other changes in the release code.

I was not able to confirm with AWS if they changed anything on their end. Our AWS support team is not aware of any EC2 releases over the same period.

At a min - maybe an update of the release notes and documentation to reflect the changed behavior.

[supergibbs]

This just confused me as well for aws_instance. Docs say http_tokens defaults to optional but in practice, it was required. It may be AWS API change but docs are misleading